Cyber Resilience

Threat actor · all actors

Sea TurtleG1041 unknown

aka Sea Turtle, Teal Kurma, Marbled Dust, Cosmic Wolf, SILICON

Last updated: 2026-07-03

0attributed CVEs
40ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
years active

About this actor

[Sea Turtle](https://attack.mitre.org/groups/G1041) is a Türkiye-linked threat actor active since at least 2017 performing espionage and service provider compromise operations against victims in Asia, Europe, and North America. [Sea Turtle](https://attack.mitre.org/groups/G1041) is notable for targeting registrars managing ccTLDs and complex DNS-based intrusions where the threat actor compromised DNS providers to hijack DNS resolution for ultimate victims, enabling [Sea Turtle](https://attack.mitre.org/groups/G1041) to spoof log in portals and other applications for credential collection.(Citation: Talos Sea Turtle 2019)(Citation: Talos Sea Turtle 2019_2)(Citation: PWC Sea Turtle 2023)(Citation: Hunt Sea Turtle 2024)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

CVERiskCVSSEPSSPublishedProducts
No attributed CVEs.

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-422 / 4055%
CM-619 / 4048%
CM-217 / 4042%
AC-315 / 4038%
AC-613 / 4032%
SI-313 / 4032%
SI-713 / 4032%
CA-712 / 4030%
CM-712 / 4030%
RA-512 / 4030%
SC-712 / 4030%
AC-411 / 4028%
AC-210 / 4025%
AC-59 / 4022%
IA-29 / 4022%

Co-occurring actors

None.

Similar actors

Similar TTPs